> desktop Linux user like me, open hardware is already a reality
Power or RISC-V ISA hardware are in low stock, have very few, specialised vendors and are not affordable. I have great sympathy for people who refuse to pay the outrageous difference to off-the-shelf hardware that can be bought anywhere just to gain a level of privacy that they should have in the first place.
AMD and Intel have rootkits in their hardware which are designed to be exceedingly difficult to remove. If the customer is a spy agency, they will ship with the rootkit disabled. If the customer is just a normal person like the one writing the article, one will not be able to have one for money or good words.
I seriously doubt either Intel or AMD ship different silicon to the NSA or whoever else. At least from what I've read, the only difference (at least on Intel) is the "NSA bit", that can actually be turned on on any chip these days. System76 actually ships machines with it enabled by default.
If you're going through all that effort, then why bothering with hardening Chrome? Why wouldn't you start with Firefox, which doesn't require unGoogling to be considered secure?
OpenBSD's Chrome had pledge() first, but you're right, I should consider Firefox.
However, there was a recent Firefox bug in OpenBSD, and the patches weren't applied uniformly. It does seem that Chrome is more consistent, and gets more attention.
Power or RISC-V ISA hardware are in low stock, have very few, specialised vendors and are not affordable. I have great sympathy for people who refuse to pay the outrageous difference to off-the-shelf hardware that can be bought anywhere just to gain a level of privacy that they should have in the first place.
AMD and Intel have rootkits in their hardware which are designed to be exceedingly difficult to remove. If the customer is a spy agency, they will ship with the rootkit disabled. If the customer is just a normal person like the one writing the article, one will not be able to have one for money or good words.